TYPINGDNA PRIVACY POLICY


TypingDNA SRL¹ and TypingDNA Inc.² (referred to collectively and individually as
“TypingDNA”, “we” or “us”) realize that our platform, https://www.typingdna.com/ (the
“Website”) and any related services (the “Services”) we offer, including mobile applications,
can only work if we build a relationship of trust with our users.





We control the purpose for which, and the manner in which, Personal Information (as defined 
below) about individuals accessing the Website, trying or using our Services and/or respectively 
being targeted by us for marketing purposes in relation to our provision of the Services is 
processed. We are therefore the data controller under applicable data privacy laws. 


Pursuant to Art. 26 of the General Data Protection Regulation³ (“GDPR”), TypingDNA SRL and
TypingDNA Inc are joint controllers with respect to Personal Information collected via the 
Website or otherwise processed by us in relation to the Website and/or our Services. Our 
contact details are set out at the end of this privacy policy (“Privacy Policy”). 


This Privacy Policy outlines the categories of Personal Information the Website collects from 
you, that you provide to us, or that you authorize to be provided to us or that we collect from 
third party resources for marketing or other legitimate purposes in relation to our Services, the 
purposes for which your Personal Information might be used and the safeguards we put in place 
in the course of our relationship with you to protect your Personal Information. 


By continuing to use our Website and/or our Services, you expressly consent to our processing 
of your Personal Information (as defined below) as described in this Privacy Policy, and to being 
bound by the provisions hereof. 


Who we are and the Services we provide 


We are a technology company developing passive authentication and typing biometrics API 
(Application Programming Interfaces). Our mission is to improve security without 
compromising user experience. Our technology is the most available online biometric 
technology - it works with any keyboard, on any device and does not need more than one 
previous sample to start working. We provide typing biometrics authentication as a service, an 
API that anyone can use for 2 Factor Authentication (2FA) and fraud prevention purposes. 


TypingDNA provides a number of products and Services, as follows:


(i) Typing biometrics authentication API based on keystroke dynamics - our typing 
biometrics authentication API (also known as keystroke dynamics) is suitable for securing login, 
enforcing reset passwords, and online biometric authentication. This solution assists in: 





• identifying fraudsters - it recognizes the user’s true identity on the spot;

• seamless authentication - typing biometrics enables frictionless keystroke
authentication in the background of any typed text;


1 TypingDNA SRL, a Romanian limited liability company headquartered in Romania, Oradea, Str. Vasile Conta no. 32, 
1st floor, office no. 22, registered with the Trade Registry under no. J5/1153/2016, unique registration code 
36172414; 

2 TypingDNA Inc., a US, Delaware company headquartered in 81 Prospect Street, Brooklyn, NY, 11201;


3 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of 
natural persons with regard to the processing of personal data and on the free movement of such data; 
• text characteristics - TypingDNA supports repetitive text (e.g. login authentication
credentials) and any text (e.g. writing an email) recognition, so it can be used in any typing 
scenario. 


(ii) Multi-factor authentication: a frictionless authentication solution with typing biometrics, 
SMS or email-based OTP; 





(iii) TypingDNA Authenticator: we use verification codes in your browser, secured by the
way you type. 


Personal Information 


So we are clear about the terminology we are using, “personal data” means any information
describing or relating to an identified or identifiable individual (where an identifiable individual 
is an individual who can be identified, directly or indirectly, in particular by reference to an 
identifier such as a name, an identification number, location data, an online identifier or to one 
or more factors specific to the physical, physiological, genetic, mental, economic, cultural or 
social identity of that individual). 


When we use the phrase “Personal Information” in this Privacy Policy, we mean collectively 
the following categories of personal data that may be requested by us and provided by you; in 
various forms on our Website (such as demo forms, registration forms, etc.), you may be asked 
to enter Personal Information such as: first/last name, password, email address, phone number, 
Skype ID, Internet Protocol (IP) address, location data, country, gender, date of birth, nationality, 
state or province, age, company name, company website, typing biometrics, device type, device 
fingerprint, cursor movements, pointing devices movements (e.g. mouse, touchpad, touchscreen, 
trackpad, others), payment details (e.g. bank account number, credit card number, bank). 


We may process your Personal Information under this Privacy Policy: 


- if you apply for a Demo version of our Services on the Website; 

- if you register an account on the Website; 

- if you enter into any contract or other arrangement (whether via the Website or otherwise) 
for the use (including testing and/or development) of our Services; 

- if you are targeted by us for communication of marketing materials about us, the Website 
and/or our Services (also referred to hereinafter as a “Prospect”): we collect and process such
limited Personal Information about you from public resources (such as LinkedIn, ZoomInfo,
Hunter) including your name/surname, email address, telephone number, company,
title/position, profession, the way you may potentially use our solution, information about other 
IAM solutions that you may use, professional interests, to allow us to assess a potential interest 
in our Services and to contact you for marketing purposes. 


When you register on our Website to use our Services, or even a Demo version thereof, you will 
need to provide personal information about yourself during the account creation/demo session 
- this Personal Information includes: name/surname, your organization/company details (name 
and website), age, job title/position, email address, phone number, line of work/industry and 
your typing biometric. We can also collect and further process: your typing pattern (typing 
biometrics), Internet Protocol (IP) address, location data, device type, device fingerprint, cursor 
movements, pointing devices movements (e.g. mouse, touchpad, touchscreen, trackpad, others). 


We collect such Personal Information from you when you register on our Website, subscribe to a 
newsletter, try a demo, respond to a survey, fill out a form or enter information on our Website, 
or when you provide us with feedback on our products or Services. If you are a Prospect, we 
collect and process such further Personal Information about you (as stated above) from public
sources as mentioned above. 


To help keep our databases current and to provide you the most relevant content and 
experiences, we may combine information provided by you with information from other 
sources, in accordance with applicable law. For example, from these sources, we may learn 
about the size, industry, and other information about the company you work for. 


Also, we use automated systems to analyse your content using techniques such as machine 
learning in order to improve our Services and the Websites. This analysis may occur as the 
content is sent or received using an online feature of the Website or any of our Services or apps, 
or when the content is stored on our servers. 


Please note that registered clients can use our Services to collect typing biometrics from their 
own users. We do not collect and/or further process any Personal Information regarding our 
client’s users and their typing biometrics. 


It is up to the client to decide where and how to store the typing biometrics of its users (and to 
apply adequate data privacy and security measures to ensure that such data is maintained 
confidential and secure from unauthorized disclosure or modification). If the client stores the 
typing biometrics of its own users, it is entirely that client’s responsibility to handle such 
sensitive information with care and comply with the applicable data privacy laws, in particular 
regarding the end user’s consent to the collection, processing and usage of such information by 
the client and (in certain cases) by TypingDNA. If we are required to store the typing biometrics 
of our clients’ end users, such data is anonymized at our level. We do not associate any biometric 
data with any Personal Information from any end-user. 


When we refer to “you” in this Privacy Policy, such reference is limited strictly to individuals 
who have provided Personal Information directly to us via our Website and/or otherwise 
through the use of the Services, or to Prospects whom we identify and target for marketing-related
communications.


Anonymous and Aggregate Information 


When we use the phrase “Anonymous Information” in this Privacy Policy, we mean 
information rendered anonymous in such a way that it cannot or can no longer be used to 
personally identify an individual. 


Like many companies, we monitor the use of the Website by collecting aggregate information. 
No personally identifiable data are collected in this process. Typically, we collect information 
about the number of visitors to the Website and the originating domain name of the visitor's 
Internet Service Provider. Also, we may collect non-personal information about your use of the 
Website and/or the Services such as IP address, log files, user activity, time stamps, etc. Finally,
we may also collect technical information transmitted by your device, including certain software
and hardware information (e.g. the type of browser and operating system your device uses,
language preferences, access time and the domain name of the website from which you linked to
the Website, etc.). This information is typically used to improve the usability, performance and
effectiveness of the Platform. 


Important note: For the avoidance of doubt, any aggregate, non-personal or technical information 
collected, which is or may be connected or linked to the identities of the relevant users, shall be 
deemed as ‘personal data’ (as such term is defined in the applicable data privacy laws) as long as 
such connection or linkage exists or may be made using all the means reasonably likely to be used. 
In such situations, the provisions in this Privacy Policy regarding personal data shall apply mutatis 
mutandis to the aggregate, non-personal or technical data mentioned herein. For clarity purposes,
as an example, if we have sufficient information to link an IP address to a particular individual user 
(e.g., through login details, cookies, or any other information or technology) then that IP address is 
personal data, and is subject to the full protections of data protection law and this Privacy Policy. 


Websites and apps covered by this Privacy Policy 


Domains and subdomains that contain typingdna.com are our websites and the TypingDNA 
Authenticator is one of our applications that is also subject to this Privacy Policy. 


Source of Collection 


TypingDNA requires that you submit certain Personal Information about yourself, including 
your email address and other Personal Information as stated above, when you apply for a Demo 
version of our Services and/or register an account on the Website. This information is required 
for you to be able to use the Website and therefore if you do not provide this information you 
will not be able to use the Website. 


In the course of registering for or using the Website and/or the Services, we may prompt you to 
provide additional Personal Information about yourself including your name, alternate email 
addresses, year of birth, and your city, state or country of residence, and you will also be asked 
to answer a few questions to help make the Website and/or the Services more useful to you. 
When you communicate with us through our Platform, we may collect and store any information 
that is contained in your communications with us. We do not automatically include or display 
Personal Information in your shared profile data. 


Purposes and legal basis of processing of Personal Information 


We may collect and use the Personal Information we collect from you when you register, make a 
purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the 
Website and otherwise use our Services and/or apps, or use certain other site features in the 
following ways: 


- to personalize your experience and to allow us to deliver the type of content, products 
and services in which you are most interested; 


- to follow up after correspondence (live chat, email or phone inquiries) and respond to or 
provide any services, support, or information you have requested; 


- to better understand how our Website, Services and apps are being used so we can
improve them and engage and retain users; 


- to research and improve our algorithms and our Services generally; 
- to diagnose problems in our Website and/or our apps or Services; 
- to tailor the Website, an app or Service to your likely interests; 


- to send you business messages such as those related to payments or expiration of your 
subscription; 


- to send you information about TypingDNA, our new app/Services releases, special offers, 
and similar information; 


January 3rd, 2020


- to conduct market research about our customers, their interests, and the effectiveness of
our marketing campaigns;


- to reduce fraud, software piracy, and protect you as well as ourselves from the same. 


We will limit Personal Information that we collect and further process about you only to what is 
limited for the purposes of processing mentioned above (or other limited purposes which are 
consistent with the primary purposes mentioned above). We will not use your Personal 
Information in a manner which is incompatible with the purposes for which it has been initially 
collected and/or authorized by you, unless we obtain your prior consent. Examples of 
compatible processing purposes may include those that reasonably serve customer relations, 
compliance and legal considerations, auditing, security and fraud prevention and preserving or 
defending our legal rights etc. 


We collect, process, use and, as applicable, disclose Personal Information related to you on the 
basis of the following legal grounds under the GDPR: 


- consent of the data subject (Art. 6(1) letter (a) GDPR): by choosing to use the Website 
and/or any of our Services, you consent to your Personal Information being collected and 
processed by us for the purposes and as regulated in this Privacy Policy. You may vary or fully 
revoke your consent at any time, by sending an email to dataprivacy@typingdna.com. 
Withdrawal of consent will have an effect only for the future and does not affect the legitimacy of 
data processed until that date. Please note that you may be unable to use all or part of the 
Website and/or the Services if you do not provide consent to the processing of your Personal 
Information. We further note that we may continue to use any part of your Personal Information 
for which we may have other legal grounds for processing in accordance with the applicable law. 


By using the Website and/or signing up for any of the products or Services offered by 
TypingDNA, you are agreeing to the terms of this Privacy Policy. This Privacy Policy is a legally
binding agreement between you (and your client, employer or another entity if you are acting on 
their behalf) as the user of the Services and TypingDNA and its Affiliates. If we add any new 
features or tools to our Services, they will also be subject to this Privacy Policy. 


We may use your Personal Information based on your explicit consent for the following 
purposes: (i) to provide you with the Website (including any related apps, Services and 
functionalities thereof); (ii) to improve the quality of the Website and user experience; (iii) to 
fulfill any request you make; (iv) to communicate with you; (v) to contact you regarding other 
products and Services we offer if you have requested such information; (vi) or as otherwise 
directed by you. 


- for the purposes of performing a contract to which you are party or in order to take steps
at your request prior to entering into a contract (Art. 6(1) letter (b) GDPR): if you have signed up
to a contract for the Services we provide or have otherwise requested that we make the Services
available to you, we will process your Personal Information for the purposes of giving full effect
to such contract, performing our obligations under said contract and/or ensuring that you 
perform your obligations under the same. 








- our legitimate interests (Art. 6 (1) letter (f) GDPR): if we have identified you as a suitable 
Prospect for the purposes of communicating with you about our (current or future) Services, we 
process (limited) Personal Information (as stated above) about you on the basis of our 
legitimate interest to market the Website and/or our Services. You may object to our processing of
your Personal Information for direct marketing purposes at any time. If a Prospect becomes a
user of the Website and/or the Services at any time, your Personal Data will then be processed
by us under ‘consent’ as the grounds of processing, mentioned above. 


To the extent necessary, we may also process your Personal Information to protect legitimate 
interests of our own and of third parties such as (i) to resolve disputes and/or troubleshoot 
problems; and (ii) to verify your compliance with your obligations in our Terms of Use or other 
TypingDNA policies. When we process your Personal Data to meet our legitimate interests, we 
balance our legitimate interests against your fundamental rights and freedoms and we 
implement appropriate safeguards to ensure that your interests, rights and freedoms do not 
override our legitimate interests. For more information about the balancing tests that we have 
carried out, please contact us at dataprivacy@typingdna.com. 





From time to time, you may be offered the opportunity to respond to requests for additional 
information from TypingDNA, including but not limited to surveys, polls, questionnaires, and 
feedback. 


When we communicate with you regarding the products and Services we offer or develop, you 
will be given the opportunity in each communication to unsubscribe and prevent future 
communications of that sort. Please note that emails we send you may include a technology 
(called a web beacon) that tells us whether you have received or opened the email or clicked a 
link in the email. 


If you do not want us to collect this information from our marketing emails, or if you wish to 
unsubscribe from direct marketing communications from us, you may write to us at 
dataprivacy@typingdna.com requesting the same. We will cease using your Personal 
Information for direct marketing purposes once you have requested us to do so. 


Additionally, we may use your Personal Information to create Anonymous Information including 
for use in future scientific research, product development and market research, if you agree to 
let us do so. 


Note: for the avoidance of doubt, TypingDNA does not use your Personal Data (including, in 
particular, your typing pattern) for the purposes of an automated decision-making process or for 
profiling. 


Recipients of Personal Information 


TypingDNA uses the Website to facilitate your engagement in and use of the Website and/or the 
Services we provide. 


We may disclose your Personal Information: (a) to third party vendors/suppliers who help us 
provide the Website and/or the Services; (b) to third parties to whom you ask us to send 
Personal Information, including other users to whom you authorize us to provide certain details 
of your Personal Information; (c) as required by law, such as to comply with a subpoena or 
otherwise in response to a lawful request by public authorities (including to meet national 
security or law enforcement requirements), or similar legal process when we believe in good 
faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, 
investigate fraud, or respond to a government request; (d) to a parent company, any 
subsidiaries, joint ventures, or other companies under common control with us (collectively, 
“Affiliates”), in the event we have such Affiliates now or in the future, in which case we will 
require our Affiliates to honor this Privacy Policy, or (e) to a company that merges with us, 
acquires us, or purchases our assets, or a successor in interest in bankruptcy, in which case such 
company may continue to process your Personal Information as set forth in this Privacy Policy. 
We will share your Personal Information with third parties only in the ways that are described
in this Privacy Policy, only to the extent necessary as per the applicable purpose of the 
disclosure and in strict compliance with applicable data privacy laws (including by observing the 
requirement to conclude compliant data processing agreements with any third party processor 
carrying out their tasks on our behalf and upon our instructions). We do not otherwise share or 
sell your Personal Information with or to third parties. We may use and disclose Anonymous 
Information without restriction. 


We do not and will not share, disclose, sell, rent, or otherwise provide Personal Information to 
other companies for the marketing of their own products or services. 


If you do not want us to disclose your Personal Information to a third party, please write to us at 
dataprivacy@typingdna.com in this sense. We will take all measures which may be feasible to 
give effect to such request, but may continue to disclose your Personal Information to a third 
party acting as an agent/data processor performing tasks on our behalf and under our 
instructions, only to the extent strictly required for such operations. 


Transfer of Personal Information 


Third parties to which we may disclose your Personal Information may be located within the 
European Union and elsewhere in the world (including the United States). As a result, your 
Personal Information may be transferred to countries outside of the country where the Personal 
Information was collected to countries whose data protection laws may be less stringent than 
the laws in your country. 


TypingDNA will ensure that suitable safeguards are in place to protect your Personal 
Information and that the transfer of your Personal Information complies with applicable data 
protection laws. 


For the avoidance of doubt, please note that TypingDNA Inc is a Delaware corporation that will
enroll in the EU-US Privacy Shield mechanism (for more details please see here:
https://www.privacyshield.gov/welcome).


Where required by applicable data protection laws, we will ensure that service providers 
(including other associated companies) sign standard contractual clauses as approved by the 
European Commission or other supervisory authority with jurisdiction over the relevant data 
exporter. You can obtain a copy of any standard contractual clauses in place, which relate to 
transfers of your Personal Information by contacting dataprivacy@typingdna.com, although 
some details may be redacted for confidentiality reasons. 





Rights with regard to Personal Information 


You have a number of rights under the GDPR in relation to your Personal Information, as 
follows: 





(i) the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us 
confirmation as to whether or not Personal Information concerning you is being processed, and, 
where that is the case, access to (including by obtaining a copy of) such Personal Information 
and the manner in which, and the purposes for which we process your Personal Information so 
that you can verify its accuracy and the lawfulness of the processing; 


(ii) the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us
the rectification of inaccurate Personal Information concerning you, and the right to have
incomplete personal data completed, including by means of providing a supplementary
statement;


(iii) the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of
your Personal Information without undue delay where (a) your Personal Information is no longer necessary for
the purpose for which it was collected/processed; (b) you wish to withdraw your consent to 
processing (except where we have another legal ground for the processing that we may rely on); 
(c) where processing is based on our legitimate interests and there are no overriding legitimate 
grounds for processing; (d) where your Personal Information has been unlawfully processed; 








(iv) the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain 
from us the restriction of processing of your Personal Information where (a) the accuracy of 
such Personal Information is contested by you (for such period as will enable us to verify the 
accuracy of your Personal Information); (b) the processing of your Personal Information is 
unlawful, but you do object to the deletion of such data and request restriction of its use instead; 
(c) you consider that we no longer need your Personal Information for the purposes of the 
processing, but require such Personal Information for the establishment, exercise or defense of 
legal claims; (d) you have objected to the processing of your Personal Data on grounds of 
‘legitimate interest’ as per (iii) above, pending verification by us on whether our legitimate 
grounds override your own. 


(v) the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds
relating to your particular situation, at any time to processing of your Personal Information,
which is based on our legitimate interests, including profiling based on those provisions.
We shall no longer process the personal data unless we have compelling legitimate grounds for 
the processing which override your interests, rights and freedoms or for the establishment, 
exercise or defense of legal claims. You may object to the processing of your Personal 
Information for direct marketing purposes at any time, without giving reason. 


(vi) the right to data portability pursuant to Art. 20 GDPR: you have the right to receive
Personal Information concerning you, and which you have provided to us, in a structured,
commonly used and machine-readable format, and to transmit such data to another data
controller (please note this applies only where our processing of your Personal Information is
based on your consent or on a contract, and the processing is carried out by automated means);


(vii) the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): 
you have the right to appeal to the competent data protection supervisory authority - in 
Romania, such authority is the Romanian National Authority for the Supervision of Personal 
Data Processing (www.dataprotection.ro). If you are a US resident, please check the Section 
below dedicated to Participation in the EU-US Privacy Shield Mechanism which sets out the 
various recourse mechanisms available to you in this sense. 





Your exercise of these rights is subject to certain exemptions to safeguard the public interest 
(e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) 
or rights and freedoms of others, as provided by the GDPR and the EU-US Privacy Shield 
principles (please see our dedicated Section on this below). 


While we will make good faith efforts to provide you with access to your Personal Information, 
we may deny or limit access to such Personal Information where: this would interfere with
the execution or enforcement of the law or with private causes of action (including the 
prevention, investigation or detection of offences or the right to a fair trial); the legitimate rights 
and interest of others would be violated through such disclosure; this would prejudice the 
confidentiality necessary in monitoring, inspection or regulatory functions connected with 
sound management, or in future or ongoing negotiations involving us. We will of course 
endeavour to offer you an adequate explanation of the necessity, and reason for, restricting
access in the circumstances mentioned above. 


If you exercise any of these rights, we will check your entitlement and respond without undue 
delay, but not later than within a month. In complex cases or at times of receiving numerous 
requests, this period may be extended by two further months of which we will inform you. 


To review or update your Personal Information including user information to ensure it is 
accurate, please write to us at dataprivacy@typingdna.com informing us of any changes that may 
need to be made in respect of your Personal Information and we will update such information on 
your behalf and in our systems. 





If you wish to delete your TypingDNA Authentication API Account, please visit 
https://www.typingdna.com/clients/account#delete and click the “Delete Account” button. 
Alternatively, you can write to us at dataprivacy@typingdna.com requesting that your account be 
deleted and we will proceed with this deletion on your behalf and in our systems. 





Please note that once you delete your account you will no longer be able to enjoy the full 
functionality of the Website and/or (part or all) of the Services we provide. Certain information 
is necessary in order for us to provide the Website; therefore, if you delete such necessary 
information you will not be able to use the Website and/or the Services. 


Please remember, however, if we have already disclosed some of this information to third 
parties, we cannot access that information any longer and cannot force the deletion or 
modification of any such information by the parties to whom we have made those disclosures. 
We will of course comply with any legal obligation we may have to notify them of your request. 


Please note that even though you may request the deletion of your Personal Information by us, 
we may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or 
troubleshoot problems) to keep this information and not delete it, or to keep this information for 
a certain time, in which case we will comply with your account deletion only after we have 
fulfilled such requirements. When you delete your account, Personal Information will be deleted 
from the active database, but (limited) Personal Information may remain in our archives where 
legally permitted. 


If you have unsubscribed from receiving marketing information from us, we will continue to 
maintain your Personal Data for any other purpose for which we still have legal grounds for 
processing such Personal Data (such as the performance of a contract, for the purposes of 
complying with a legal obligation or when the processing is necessary for the purpose of a 
legitimate interest of us). In certain cases, if no other legal grounds exist, we will maintain 
limited Personal Data (such as your email address) about you on record so as to be able to ensure 
for the future that such marketing communications are no longer sent to you. 


Please note that any processing of your Personal Data prior to the deletion of your account with 
us, or your request that we no longer contact you for direct marketing purposes will remain 
valid under the legal grounds then prevailing. 


You can exercise any of your rights as stated above, by sending us a request to 
dataprivacy@typingdna.com. We will endeavor to respond to any such request as soon as 
possible, and in any event within the legal deadline. 


Information Security 


The security of your personal information is important to us. We use appropriate technical and 
organizational methods to protect the Personal Information submitted to, or otherwise 
processed by, us, both during transmission and once we receive it from loss, misuse or 
unauthorized access, disclosure, alteration and destruction, taking into account the risks 
involved in the processing and the nature of the Personal Information. 


We take great care in implementing and maintaining the security of the Website, the Services we 
provide and of your Personal Information. We have put in place appropriate technical and 
organizational measures to protect your Personal Information against accidental or unlawful 
destruction, loss, alteration, unauthorized disclosure or access and against all other unlawful 
forms of processing, in accordance with the law. In addition, we employ industry standard 
procedures and controls to ensure the safety of your personal data, such as: secure network 
topology which includes firewall systems; encrypted communication; authentication and access 
control; external and internal audit tests, etc. 


Your Personal Information (including typing biometrics) is stored on virtual servers hosted by 
different cloud services and third party SaaS (Software as a Service) providers, in a secured 
database behind secured networks and is only accessible by a limited number of persons who 
have special access rights to such systems and are required to keep the information confidential. 
In addition, all sensitive information you supply, and which is being transferred between the 
browser and the server is encrypted via Secure Sockets Layer (SSL) technology. We store sensitive 
data encrypted via AES256 (Advanced Encryption Standard 256). 


We implement a variety of security measures when a user enters, submits, or accesses their 
information to maintain the safety of your personal information. We do not use vulnerability 
scanning and/or scanning to PCI standards. 


Your typing pattern/biometrics is an array of numbers and statistics about the keys that are 
used most frequently. We do not record the actual typed text, but rather statistics about the keys 
you press when you type on your device. It is impossible to reverse a pattern and recreate the 
original text and only the typing pattern is transferred to our servers (never the actual typed 
text). The process is completely safe and there are no risks during transfer. 


No method of transmission over the Internet, or method of electronic storage, is 100% secure, 
however. Therefore, although we take reasonable steps to safeguard information, we cannot be 
responsible for the acts of those who gain unauthorised access or abuse the Website and we 
make no warranty, express, implied or otherwise, that we will prevent such access. 


Cookies & Other Anonymous Information 


As you use the Website, certain Anonymous Information may be collected and stored via cookies 
and similar technologies, such as your Internet protocol address, domain names, browser type, 
click-stream data, and access times. 


A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We 
use cookies on this Website. We do not link the information we store in cookies to any Personal 
Information you submit while on our site without your express consent. 


We use cookies to: 
- understand and save user's preferences for future visits; 
- compile aggregate data about site traffic and site interactions in order to offer better 
Website experiences and tools in the future. We may also use trusted third-party services 
that track this information on our behalf; 
- keep track of advertisements; 
- help remember and process the items in the shopping cart. 


We may use both session ID cookies and persistent cookies. We use session cookies to make it 
easier for you to navigate our site. A session ID cookie expires when you close your browser. A 
persistent cookie remains on your hard drive for an extended period of time. We may also set 
persistent cookies to store your passwords, so you do not have to enter them more than once. 
Persistent cookies will enable us to track and target the interests of our users to enhance the 
experience on our site. 


You can choose to have your computer warn you each time a cookie is being sent, or you can 
choose to turn off all cookies. You do this through your browser settings. Since each browser is a 
little different, look at your browser's Help Menu to learn the correct way to modify your cookies 
preferences. If you disable cookies in your browser, some features will be disabled. Some of the 
features that make your Website experience more efficient may not function properly. 


We may use the Anonymous Information we collect from you to customize the content and 
layout of the Website for you and improve our internal operations and the content of our 
Website. With your opt-in consent, we may combine this Anonymous Information with your 
Personal Information such that the information is no longer anonymous. 


Google Analytics, Google Ads 


These are services of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files 
that are stored on your computer and that allow an analysis of the use of the Website by you. 
The information generated by the cookie about your use of this Website (including your IP 
address) is transmitted to a Google server in the USA and stored there anonymously. Google will 
use this information to evaluate your use of the Website, to compile reports on website activity 
for website operators and to provide other services related to website activity and Internet 
usage. Google may also transfer this information to third parties if required by law or as far as 
third parties process this data on behalf of Google. Third parties, including Google, place ads on 
websites on the Internet. Third-party providers, including Google, use stored cookies to serve 
ads based on previous visits by a user to this website. You can prevent the installation of cookies 
by setting your browser software accordingly; however, please note that in this case you may 
not be able to use all features of this Website to the fullest extent. You can also visit the page to 
disable Google advertising. By using this Website, you consent to the processing of data about 
you by Google in the manner and for the purposes set out above. 


Twitter Ads 


The Website uses cookies and other similar technologies, such as Twitter pixels to measure 
performance of our Twitter Ads campaigns. 


Hotjar 


Hotjar is an analytics and feedback tool that we use to understand how our Website is used and 
improve usability. Hotjar sets cookies to help us track behaviour across pages and to control 
visitor polls. The cookies carry no personally identifiable information. 


HubSpot 


HubSpot offers a full platform of marketing, sales, customer service, and CRM software - plus the 
methodology, resources, and support - for inbound marketing. When you visit our Website, 
HubSpot's tracking code sets a number of tracking cookies to track Website visitors and 
contacts. It leaves behind a cookie on your computer that helps HubSpot identify you on 
future visits. 


Third Party Websites and Services 


The Platform may contain links to websites hosted and operated by companies other than us 
(“Third-Party Websites”) to which you can export (part of) your Personal Information on the 
Website. 


We do not disclose your Personal Information to these Third-Party Websites without your 
explicit consent. Note that any information you disclose to Third Party Websites is no longer 
under our control and no longer subject to this Privacy Policy. 


You should review the privacy policy practices of any such Third-Party Website to understand 
how that Third-Party Website collects and uses your Personal Information should you have 
decided to disclose your Personal Information to them. We are not responsible for the content or 
performance of these Third-Party Websites. We are in no way responsible or liable for the 
manner in which a Third-Party Website treats any Personal Information that you choose to 
provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own 
risk. 


We may use a third-party tracking service such as Google Analytics to track and analyze 
Anonymous Information from users of the Platform. Such third parties may use cookies to help 
track user behaviour. The use of cookies by third parties is not covered by this Privacy Policy. 
We do not have access or control over these cookies. 


Changes to the Privacy Policy 


We may update this Privacy Policy to reflect changes to our information practices. If we make 
any material substantial changes, we will notify you by email (sent to the email address specified 
in your account) or by means of a notice on this Website prior to the change becoming effective. 
We encourage you to periodically review this page for the latest information on our privacy 
practices. Continued use of our Platform following notice of such changes will indicate your 
acknowledgement of such changes and agreement to be bound by the terms and conditions of 
such changes. 


Any changes to this Privacy Policy may affect our use or disclosure of Personal Information 
collected prior to the changes. If you do not agree to any of the changes, you must notify us prior 
to the effective date of the changes that you wish to terminate your account with us. Continued 
use of our Platform following such notice of such changes shall indicate your acknowledgement 
of such changes and agreement to be bound by the terms and conditions of such changes. 


Retention Period 


We endeavour to ensure that Personal Information is kept as current as possible and that 
irrelevant or excessive data are deleted or made anonymous as soon as reasonably practicable. 
We retain Personal Information about you only for as long as it serves a purpose of processing 
mentioned in this Privacy Policy. This does not prevent us from processing your Personal 
Information for longer periods of time, to the extent such processing reasonably serves other 
purposes, including for statistical analysis. 


However, some Personal Information may be retained for varying time periods in order to 
comply with legal and regulatory obligations and for other legitimate business reasons. We will 
generally retain your Personal Information only so long as it is required for purposes for which 
it was collected. Where your Personal Information is no longer required, we will ensure it is 
either securely deleted or stored in a way which means it will no longer be used by the business. 


Subject to the principles set out in the above paragraph, we will delete your account 5 years after 
your last accessing of the Website and/or of any of our (current or future) Services, if you do not 
wish an earlier deletion of Personal Information. Note: we may continue to use Your typing 
pattern if we have used such typing pattern to build the algorithm, to further develop and 
improve the algorithm. If we do so, we undertake to anonymise/de-personalise Your typing 
pattern in such a way that it can no longer be linked to You and therefore no longer constitute 
Personal Information about You. 


Children 


The Website and our Services are not directed to children and children are not eligible to use our 
Website and/or any of our Services. 


Protecting the privacy of children is very important to us. We do not collect or maintain Personal 
Information from people we actually know are under 18 years of age, and no part of our Website 
is designed to attract people under 18 years of age or persons under the age of legal consent in 
any jurisdiction (“Legally of Age”). 


Do not attempt to access the Website and/or create an account and/or apply for a demo version 
of our Services if you are not Legally of Age. If we later learn that a user is not Legally of Age, we 
will take steps to remove that user’s information from our databases and to prevent the user 
from utilizing the Website and/or any of our Services. 


If you are the parent or legal guardian of a person that is not Legally of Age who has registered 
on our Website, or who you believe has otherwise provided Personal Information to us, please 
contact us using the details set out at the end of this Privacy Policy to have the information 
deleted. Information voluntarily provided by persons not Legally of Age via e-mails, message 
boards, chat sessions etc. may be used by other parties to generate unsolicited e-mails. We 
encourage parents and legal guardians to inform children about how to use the Internet in a safe 
and responsible manner. 


Future participation in the EU-US Privacy Shield Mechanism 


General remarks 


TypingDNA Inc is a US-based corporation and will self-certify as participant under the EU-US 
Privacy Shield mechanism for compliance with data protection requirements when transferring 
Personal Information from the European Union to the United States. 


This section of the Privacy Policy regulates TypingDNA Inc.’s additional commitments and 
undertakings in accordance with the EU-US Privacy Shield Framework. Please visit the dedicated 
website of the EU-US Privacy Shield at https://www.privacyshield.gov/welcome for more 
details. 





As a future participant in the EU-US Privacy Shield mechanism, TypingDNA Inc. will be subject to 
the investigatory and enforcement powers of the Federal Trade Commission, the Department of 
Transportation and any other US authorized statutory body. 


Commitment to comply with Privacy Shield principles 


TypingDNA Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. 
Department of Commerce regarding the collection, use, and retention of personal information 
transferred from the European Union to the United States. TypingDNA Inc. will certify to the 
Department of Commerce that it will adhere to the Privacy Shield Principles. If there is any 
conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy 
Shield Principles shall govern. 


Onward transfers to third parties 


Where TypingDNA Inc transfers your Personal Information to third parties acting as data 
controllers, it will only do so on the basis of a contract with such third party controller which 
provides that your Personal Information may be processed only for limited and specified 
purposes consistent with the consent you have provided to us, and that the recipient will 
provide at least the same level of protection of your Personal Information as regulated under the 
EU-US Privacy Shield framework. Such contract will further provide that the third-party 
controller shall be required to notify us if it makes a determination that it can no longer meet its 
obligations under the EU-US Privacy Shield framework, and it shall cease processing your 
Personal Information or take other reasonable and appropriate steps to remediate. 


In the context of an onward transfer, TypingDNA Inc. shall have responsibility for the processing 
of Personal Information which it subsequently transfers to a third party acting as an agent/data 
processor on its behalf. TypingDNA Inc. shall remain liable if such agent/data processor 
processes such Personal Information in a manner that is inconsistent with the Privacy Shield 
principles (unless we are able to prove that we are not responsible for the event giving rise to 
the damage). 


Complaints and Disputes 


If you reside in the United States and have a complaint about the manner in which we collect or 
process your Personal Information, we encourage you to bring complaints directly to us at 
TypingDNA Inc, at the following contact details: dataprivacy@typingDNA.com. We undertake to 
respond to you not later than 45 days after filing your complaint. 


As required under the EU-US Privacy Shield Framework, TypingDNA Inc. must offer a readily 
available independent recourse mechanism, so that any potential complaints and disputes 
related to our processing of your Personal Information can be investigated and expeditiously 
resolved at no cost to you. 


To meet this requirement, TypingDNA Inc. has chosen the International Centre for Dispute 
Resolution, the international division of the American Arbitration Association (ICDR-AAA℠) to 
resolve this type of dispute. Please go to https://go.adr.org/privacyshield.html for further 
details on how such independent recourse mechanism works and how to file a complaint. 





You also have an option to arbitrate any residual claims, in accordance with Privacy Shield 
Annex I (available here: https://www.privacyshield.gov/article?id=A-Scope). Please note that 
your option for arbitration may be enforced only if we have failed to resolve your claims/ 
complaints to your satisfaction, and this remains the case after availing yourself of the 
independent recourse mechanism referred to above. 


Representation 


For the purposes of Art. 27 GDPR, TypingDNA SRL is hereby appointed as the representative of 
TypingDNA Inc in the territory of the European Union and may be addressed, in addition to or 
instead of, TypingDNA Inc. by, in particular, supervisory authorities and data subjects, on all 
issues related to personal data processing performed by TypingDNA Inc., for the purposes of 
ensuring compliance with the GDPR. 


Questions about this Privacy Policy & Exercising your rights as a Data subject 


If you have questions or comments about this Privacy Policy, or wish to exercise any of your data 
subject rights under the GDPR, or otherwise make any request as specified further in this 
Privacy Policy, please contact us at: 


dataprivacy@typingdna.com 


If you are dissatisfied with our use of your Personal Information or our response to any exercise 
of your rights under the GDPR, you have the right to complain to the data protection authority: 
http://www.dataprotection.ro/ or avail yourself of the independent recourse mechanism under 
the EU-US Privacy Shield Framework, as referred to above. In order to ensure timely resolution, 
we encourage you to reach out to us first with respect to any queries, questions or complaints 
you may have in relation to our processing of your Personal Information. We will endeavour to 
respond as soon as practicable. 


Last Updated: January 3rd 2020 